Driver irql less or not equal error

Question

Hi Everyone, 

My PC has been crashing a lot lately, and I am on my wits end in figuring out what's wrong here. I am able to WinDbg the dump file, but I am not too sure what I am looking at here. It would be great if I can have advice on what needs to be fixed.

---

Microsoft (R) Windows Debugger Version 10.0.20153.1000 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [C:\Windows\Minidump\122620-6671-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
Windows 10 Kernel Version 19041 MP (8 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Edition build lab: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff802`52a00000 PsLoadedModuleList = 0xfffff802`5362a2b0
Debug session time: Sat Dec 26 04:44:36.959 2020 (UTC + 8:00)
System Uptime: 0 days 13:26:18.598
Loading Kernel Symbols
...............................................................
................................................................
.............................................................
Loading User Symbols
Loading unloaded module list
.....................
For analysis of this file, run !analyze -v
nt!KeBugCheckEx:
fffff802`52df5780 48894c2408      mov     qword ptr [rsp+8],rcx ss:0018:ffff9a01`fb347630=000000000000000a
7: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: ffff9a0222c7ea8d, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: ffff9a01feacb03b, address which referenced memory

Debugging Details:
------------------

DBGHELP: Timeout to store: C:\ProgramData\Dbg\sym*https://msdl.microsoft.com/download/symbols
*** WARNING: Unable to verify checksum for win32k.sys

KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 2827

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on DESKTOP-JK65TUI

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.mSec
    Value: 101882

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 83

    Key  : Analysis.System
    Value: CreateObject

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1

ADDITIONAL_XML: 1

OS_BUILD_LAYERS: 1

BUGCHECK_CODE:  d1

BUGCHECK_P1: ffff9a0222c7ea8d

BUGCHECK_P2: 2

BUGCHECK_P3: 0

BUGCHECK_P4: ffff9a01feacb03b

READ_ADDRESS: fffff802536fa390: Unable to get MiVisibleState
Unable to get NonPagedPoolStart
Unable to get NonPagedPoolEnd
Unable to get PagedPoolStart
Unable to get PagedPoolEnd
fffff8025360f330: Unable to get Flags value from nt!KdVersionBlock
fffff8025360f330: Unable to get Flags value from nt!KdVersionBlock
unable to get nt!MmSpecialPagesInUse
 ffff9a0222c7ea8d 

BLACKBOXBSD: 1 (!blackboxbsd)

BLACKBOXNTFS: 1 (!blackboxntfs)

BLACKBOXPNP: 1 (!blackboxpnp)

BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  System

TRAP_FRAME:  ffff9a01fb347770 -- (.trap 0xffff9a01fb347770)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=ffff9a01feacb037 rbx=0000000000000000 rcx=ffff9a01feacb037
rdx=320781cc444a1553 rsi=0000000000000000 rdi=0000000000000000
rip=ffff9a01feacb03b rsp=ffff9a01fb347908 rbp=ffff8009f968f670
 r8=0000000000000000  r9=0000000000000000 r10=ffff9a01feacb037
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na po nc
ffff9a01`feacb03b 48315108        xor     qword ptr [rcx+8],rdx ds:ffff9a01`feacb03f=2a56b084541b241b
Resetting default scope

BAD_STACK_POINTER:  ffff9a01fb347628

STACK_TEXT:  
ffff9a01`fb347628 fffff802`52e07769     : 00000000`0000000a ffff9a02`22c7ea8d 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
ffff9a01`fb347630 fffff802`52e03a69     : ffff22c5`a7a6871e fffff802`52e035e0 00000000`00000000 00000000`00000001 : nt!KiBugCheckDispatch+0x69
ffff9a01`fb347770 ffff9a01`feacb03b     : fffff802`52e10bd9 00000000`0000390d fffff802`52d23ce3 fffff802`52ad6d40 : nt!KiPageFault+0x469
ffff9a01`fb347908 fffff802`52e10bd9     : 00000000`0000390d fffff802`52d23ce3 fffff802`52ad6d40 ffff9a01`fb347fd0 : 0xffff9a01`feacb03b
ffff9a01`fb347910 fffff802`52dcc031     : fffff802`00000003 ffff8009`f968f600 ffff8009`f9689000 ffff8009`f9690000 : nt!ExpCenturyDpcRoutine$fin$0+0x151
ffff9a01`fb347970 fffff802`52dfe6bf     : ffff8009`f968f600 ffff9a01`fb347f60 ffff8009`f968f670 ffff8009`f968f670 : nt!_C_specific_handler+0x1a1
ffff9a01`fb3479e0 fffff802`52d2c484     : ffff9a01`fb3487c0 ffff8009`00000000 ffff9a01`fb3487c0 fffff802`52ad6d40 : nt!RtlpExecuteHandlerForUnwind+0xf
ffff9a01`fb347a10 fffff802`52dcbf75     : fffff802`52a980f0 fffff802`00000001 ffff8009`f968f670 ffff8009`f9690000 : nt!RtlUnwindEx+0x2c4
ffff9a01`fb348130 fffff802`52dfe63f     : fffff802`52ad6d40 ffff9a01`fb348710 fffff802`52dcbe90 00000000`00000000 : nt!_C_specific_handler+0xe5
ffff9a01`fb3481a0 fffff802`52d2bf97     : ffff9a01`fb348710 00000000`00000000 ffff8009`f968f670 fffff802`52d23ccf : nt!RtlpExecuteHandlerForException+0xf
ffff9a01`fb3481d0 fffff802`52d2ab86     : ffff8009`f968f348 ffff9a01`fb348e20 ffff8009`f968f348 ffffc10c`47174c4a : nt!RtlDispatchException+0x297
ffff9a01`fb3488f0 fffff802`52df6612     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDispatchException+0x186
ffff9a01`fb348fb0 fffff802`52df65e0     : fffff802`52e078a5 00000000`00000000 ffff8009`f968f2d0 ffff8009`f968f518 : nt!KxExceptionDispatchOnExceptionStack+0x12
ffff8009`f968f208 fffff802`52e078a5     : 00000000`00000000 ffff8009`f968f2d0 ffff8009`f968f518 00000000`00000000 : nt!KiExceptionDispatchOnExceptionStackContinue
ffff8009`f968f210 fffff802`52e035e0     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiExceptionDispatch+0x125
ffff8009`f968f3f0 fffff802`52dff9cd     : ffffc10c`505680c0 fffff802`52c72230 ffff8009`f968f500 00000000`00000000 : nt!KiGeneralProtectionFault+0x320
ffff8009`f968f580 fffff802`52dff90d     : ffff9a01`fb2ef180 ffff38cd`00000000 00000000`00000000 00000000`000000ff : nt!KiCustomRecurseRoutine2+0xd
ffff8009`f968f5b0 fffff802`52dffe4d     : 00000000`00000003 fffff802`52c71dab ffffc10c`5b3a0ef8 ffff9a01`fb2ef180 : nt!KiCustomRecurseRoutine1+0xd
ffff8009`f968f5e0 fffff802`52dffd8d     : 00000000`00000003 00000000`00000000 00000000`00000000 00000000`00000001 : nt!KiCustomRecurseRoutine0+0xd
ffff8009`f968f610 fffff802`52dffdc2     : 00000000`00000000 ffff9a01`fb2ef180 00000002`00001000 00000000`00000007 : nt!KiCustomRecurseRoutine9+0xd
ffff8009`f968f640 fffff802`52d23ccf     : 00000000`0000000c 00000000`00000001 00000000`00000010 ffffc10c`47132040 : nt!KiCustomAccessRoutine9+0x22
ffff8009`f968f670 fffff802`52c44f12     : 00000000`00000004 e7502ec0`5ef4340f ffff9a01`fb2ef180 00000000`00000080 : nt!ExpCenturyDpcRoutine+0x9f
ffff8009`f968f7e0 fffff802`52c06eed     : 00000000`00000000 00000000`00000000 00000000`00140001 00000000`001c2911 : nt!KiProcessExpiredTimerList+0x172
ffff8009`f968f8d0 fffff802`52df92ee     : 00000000`00000000 ffff9a01`fb2ef180 ffff9a01`fb2fa240 ffffc10c`5c99e100 : nt!KiRetireDpcList+0x5dd
ffff8009`f968fb60 00000000`00000000     : ffff8009`f9690000 ffff8009`f9689000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x9e

SYMBOL_NAME:  nt!KiPageFault+469

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

IMAGE_VERSION:  10.0.19041.685

STACK_COMMAND:  .thread ; .cxr ; kb

BUCKET_ID_FUNC_OFFSET:  469

FAILURE_BUCKET_ID:  AV_STACKPTR_ERROR_nt!KiPageFault

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {5d494751-006f-69fb-e1b2-f4186279d450}

Followup:     MachineOwner
---------

7: kd> lmvm nt
Browse full module list
start             end                 module name
fffff802`52a00000 fffff802`53a46000   nt         (pdb symbols)          C:\ProgramData\Dbg\sym\ntkrnlmp.pdb\4EF9A5375F61FE84B7EAEF54BF025C0E1\ntkrnlmp.pdb
    Loaded symbol image file: ntkrnlmp.exe
    Mapped memory image file: C:\ProgramData\Dbg\sym\ntoskrnl.exe\C129B8081046000\ntoskrnl.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Browse all global symbols  functions  data
    Image was built with /Brepro flag.
    Timestamp:        C129B808 (This is a reproducible build file hash, not a timestamp)
    CheckSum:         00A5C808
    ImageSize:        01046000
    File version:     10.0.19041.685
    Product version:  10.0.19041.685
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    Information from resource tables:
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     ntkrnlmp.exe
        OriginalFilename: ntkrnlmp.exe
        ProductVersion:   10.0.19041.685
        FileVersion:      10.0.19041.685 (WinBuild.160101.0800)
        FileDescription:  NT Kernel & System
        LegalCopyright:   © Microsoft Corporation. All rights reserved.---Merry Christmas!Thanks,Ices

Answer 1

Hey there Ices!

Of course, it's always my pleasure! This minidump doesn't really tell us much about what may be happening (if software-wise). We'll follow some generic solutions to see if they help (they usually do), and then we'll run Driver Verifier as a last instance to see if any driver is causing these issues.

Did you take any action which may have lead to this happening?

Please, follow these steps:

1. SYSTEM FILES INTEGRITY CHECK

First of all, and it's the most important step, make sure all Windows Updates are installed, all drivers are updated and BIOS is updated as well, everything with the latest installation possible. Please, check over graphics drivers (from their official websites), chipset driver, network driver... Then as well check on your BIOS and install the latest update for it.

Then, we will do some system files check, and also check the hard drive, just in case. Follow these steps:

1. Press Windows + R. Type 'cmd' and press Enter.
2. In the command prompt, run the following commands:

> dism /online /cleanup-image /restorehealth

> sfc /scannow

> chkdsk /f

Third command may ask you to type Y to reset the computer. Just type Y and then press Enter. I'd recommend you to post some feedback if these commands have fixed anything or not.

2. CLEAN BOOT

Perform a clean boot following the steps given in https://support.microsoft.com/en-us/topic/how-t... and see if issues continue happening. Report back with some feedback!

I would as well try to run your system in Safe Mode. Generally, if issues persist in Safe Mode it's because it may be hardware related. You can find the instructions here: https://support.microsoft.com/en-us/windows/sta...

3. DRIVER VERIFIER

We'll run Driver Verifier to check if there's a specific driver causing all this.

1. Please, create a restore point before starting all these steps.
2. Click on Windows search tab and type 'verifier'. Press Enter.
3. Select "Create custom settings (for code developers)" and click "Next".
4. Select "Select individual settings from a full list" and click "Next".
5. Select everything expect for "Force Pending I/O Requests" and "Low Resource Simulation" (both random and systematic) and click "Next".
6. Select "Select driver names from a list" and click "Next"
7. Select all drivers NOT provided by Microsoft and click "Next"
8. Select "Finish" on the next page.
9. Reboot your computer and wait for it to give a BSOD.

If it BSODs, it'll show DRIVER_VERIFIER_DETECTED_VIOLATION (xxxxx.sys). Please, share that error code with me along with the .DMP file it creates.

To stop it, go back in and select "Delete existing settings" on the first page of Driver Verifier.

If the BSOD appears exactly when booting, and doesn't let you go past it, you can go into Safe Mode and deactivate it from there. If it doesn't let you access Safe Mode to disable it, you can as well go into Recovery screen, open the Command Prompt and run verifier /resetverifier . This will deactivate Driver Verifier automatically.

Let's see if problems stop happening when we update all drivers and BIOS or with the system files' integrity check. If not, let's see then if issues persist in clean boot or in safe mode (please, give me some feedback). Then, just run Driver Verifier and upload the minidumps that it may create.

Have a lovely Christmas, and stay safe please!

Hugs,

Miguel Ángel :)

Answer 2

Hi Miguel, 

Thank you so much for your help. Here's the dump file.

https://we.tl/t-QtOeOnDu7x

Merry christmas too :)

Answer 3

Hey there Ices!

My name is Miguel Ángel and I'm an independent advisor, also a Microsoft user just like you! I'll try to help you today with your issue.

In order to be able to give a complex analysis on the minidump, I'll need the file itself which can be found in C:\Windows\Minidump. Could you please upload it to either OneDrive or WeTransfer? It might show a software issue and it'll be easy to solve, or we'll have to run over some solutions and diagnosing utilities.

I'll wait for your answer. Have a lovely Christmas day! :)

Miguel Ángel :)